Security system with an intelligent DMA controller

ABSTRACT

A security subsystem is provided with at least a first security engine, a first set of registers and a control portion to perform a first security operation for each of a first number of data blocks of each of a first number of data segments of a first data object. In one embodiment, the security subsystem is provided with two security engines and two sets of registers to respectively perform the first security operation and a second security operation for the first data object and a similarly constituted second data object. In one embodiment, the first and second security operations are DES and hashing operations. In one embodiment, the multi-method security subsystem is embodied in a multi-service system-on-chip.

RELATED APPLICATION

This application claims priority to U.S. Provisional Application No. 60/272,439, entitled “MULTI-SERVICE PROCESSOR INCLUDING A MULTI-SERVICE BUS”, filed Feb. 28, 2001, the specification of which is hereby fully incorporated by reference.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates to the field of security. More specifically, the present invention relates to the provision of a security subsystem having an intelligent direct memory access (DMA) controller in a multi-service system-on-chip to improve operational efficiency.

2. Background Information

Advances in integrated circuit technology have led to the birth and proliferation of a wide variety of integrated circuits, including but not limited to application specific integrated circuits, micro-controllers, digital signal processors, general purpose microprocessors, and network processors. Recent advances have also led to the birth of what's known as “system on a chip” or SOC.

In various SOC applications, such as telecommunications, networking and content handling, it is often necessary to perform security operations of one or more types of security methods. The terms “security operations” and “security methods” as used in the present application include all known security operations/methods, as well as to-be-discovered security operations/methods that are compatible with the present invention. Examples of known security operations/methods include but are not limited to Data Encryption Standard (DES) methods and operations of all types, Electronic Codebook (ECB), Cipher Block Chaining (CBC), Cipher Feedback (CFB), and so forth, and hashing operations of all types, Message Digest (MD5), Secure Hash Algorithm (SHA-1) and so forth.

Further, the security methods or operations often have to be performed for data of various types, including audio, video and other data, and of various subsystems, such as the subsystem responsible for interfacing the SOC to a network, the subsystem responsible for interfacing the SOC to a telecommunication line and so forth.

Thus, a need exists to provide or support security operations of multiple security methods or operations in an efficient manner.

BRIEF DESCRIPTION OF DRAWINGS

The present invention will be described by way of exemplary embodiments, but not limitations, illustrated in the accompanying drawings in which like references denote similar elements, and in which:

FIG. 1 illustrates an overview of a system-on-chip including a security subsystem incorporated with the teachings of the present invention, in accordance with one embodiment;

FIG. 2 illustrates the method of the present invention, in accordance with one embodiment;

FIG. 3 illustrates the data descriptor of the present invention in further detail, in accordance with one embodiment;

FIGS. 4 a-4 d illustrate the base and continuation portions of a data descriptor in further detail, in accordance with one embodiment;

FIG. 5 illustrates the security subsystem of the present invention in further detail, in accordance with one embodiment;

FIGS. 6 a-6 b illustrate the control and status registers of the security subsystem of FIG. 5 in further detail, in accordance with one embodiment;

FIG. 7 illustrates the further provision of a data traffic router for a DES security engine to support multiple variants of DES operations, in accordance with one embodiment;

FIG. 8 illustrates the data traffic router of FIG. 7 in further detail, in accordance with one embodiment; and

FIG. 9 illustrates the operational flow of the relevant aspects of the controller of the security subsystem of FIG. 5 in further detail, in accordance with one embodiment.

DETAILED DESCRIPTION OF THE INVENTION

The present invention includes a security subsystem equipped with an intelligent DMA controller having particular application to system-on-chips with subsystems requiring security services. The security services may include encryption/decryption services/operations, such as DES based encryptions/decryptions, and/or hashing operations, such as MD5 and SHA-1. The present invention advantageously improves the operational efficiency of the system-on-chip, in particular by offloading the control processor of the system-on-chip.

In the following description, various features and arrangements will be described, to provide a thorough understanding of the present invention. However, the present invention may be practiced without some of the specific details or with alternate features/arrangements. In other instances, well-known features are omitted or simplified in order not to obscure the present invention.

The description to follow repeatedly uses the phrase “in one embodiment”, which ordinarily does not refer to the same embodiment, although it may. The terms “comprising”, “having”, “including” and the like, as used in the present application, including in the claims, are synonymous.

Overview

Referring now to FIG. 1, wherein a block diagram illustrating an overview of a SOC 100 including control processor 102, memory 104, security subsystem 106 incorporated with the teachings of the present invention, and other subsystems 108, in accordance with one embodiment, is shown. As illustrated, for the embodiment, control processor 102, memory 104, security subsystem 106 and other subsystems 108 are coupled to each other via on-chip bus 110, and communicate with each other in accordance with a predetermined bus protocol. In one embodiment, the on-chip bus and the bus protocol are the on-chip bus described in co-pending U.S. application Ser. No. 10/086,938, contemporaneously filed, entitled “A Multi-Service System On-Chip Including On-Chip Memory with Multiple Access Paths”, which specification is hereby fully incorporated by reference. In other embodiments, other bus architectures and other bus communication protocols may be employed instead.

Security subsystem 106, equipped with the teachings of the present invention, is employed to provide security services/operations to meet the security service/operation needs of subsystems 108. As will be described in more detail below, in addition to security engines 122 in support of various security methods, DES operations, hashing operations, and so forth, security subsystem 106 includes intelligent DMA 120 of the present invention. As a result, unless so desired, upon request, security subsystem 106 may service a security need of one of subsystems 108 substantially without further interaction with control processor 102 and the requesting subsystem 108, thereby improving the overall operational efficiency of SOC 100.

The terms “security service” and “security operation” are used interchangeably in the present application, depending on which term is more instrumental in assisting in understanding the present invention. Their core meanings, or the essence of their meanings, are synonymous.

Except for the teachings of the present invention incorporated in subsystems 108, to allow subsystems 108 to have their security service needs met by security subsystem 106 in the aforementioned advantageous manner, subsystems 108 may otherwise be any one of a broad range of subsystems known in the art or to be developed. Examples of such subsystems include but are not limited to voice processors, peripheral device controllers, framer processors, network media access controllers, and the like. The exact mix is application dependent and non-essential to the practice of the present invention.

Except for its use for its conventional function of storing data, in particular data objects 116 to have security operations performed and data descriptors 118 of the present invention describing data objects 116 and the security operations to be performed, memory 104 may otherwise be any one of a broad range of volatile or non-volatile storage units known in the art or to be developed. In one embodiment, memory 104 is a storage unit with multiple access paths, which is the subject matter of the aforementioned co-pending and incorporated-by-reference U.S. patent application Ser. No. 10/086,938.

Control processor 102 controls the overall operation of SOC 100. In particular, for the embodiment, the control includes instructing security subsystem 106 to perform a security operation on a data object 116 on behalf of one of subsystems 108, which instruction may be responsive to the request of the subsystem. The exact nature of the remaining control performed by control processor 102 is application dependent, and is not essential to the practice of the present invention. As alluded to earlier, control processor 102 is one of the primary beneficiaries of the present invention. Further, for the illustrated embodiment, control processor 102 includes instruction cache 112 and data cache 114, to facilitate performance of its control operations.

Method

Referring now to FIG. 2, wherein a flow chart illustrating a method of the present invention, in accordance with one embodiment, is shown. As illustrated, in accordance with the present invention, a subsystem 108 having a security service need for a data object first sets up in memory 104 the data object, and a descriptor describing the data object, including the security operation to be performed and the operational parameters of the security operation, block 202.

Referring now briefly to FIG. 3, under the present invention, a data object 116 to have a security operation performed may comprise a number of data segments 116 a-116 n, with each data segment having a number of data bits. The number of data bits in each data segment may be greater than, equal to, or less than the data bit size of an atomic block of data on which the requested security operation operates. For example, a DES operation operates on 64-bit data blocks; accordingly, a data segment of a data object to have a DES operation performed may be greater than, equal to, or less than 64 bits. Similarly, an MD5/SHA-1 operation operates on 512-bit data blocks, so a data segment of a data object to have an MD5/SHA-1 operation performed may be greater than, equal to, or less than 512 bits. Further, the various data segments may be stored in contiguous or discontiguous memory locations, and need not be aligned to any word boundaries.

A descriptor 118 describing a data object 116, the security operation to be performed, and the operation parameters, may include one or more parts, i.e. a base part 118 a and zero or more continuation parts 118 n, with the base part 118 a describing the first data segment 116 a, the security operation to be performed for all data segments 116 a-116 n and the operation parameters, and the continuation parts 118 n correspondingly describing the additional data segments 116 n, to be described more fully below.

Returning now to FIG. 2, upon setting up the data object 116 to have a security operation performed, and its descriptor 118, for the embodiment, the subsystem 108 requests control processor 102 to cause the desired security operation to be performed, block 204. Since, for the embodiment, the security operation to be performed, including the operation parameters, is described by the data descriptor 118 of the data object 116, only the location of the descriptor 118 needs to be made available to control processor 102. The information may be made available in any one of a number of manners known in the art. For example, the starting location of the descriptor may be placed in a predetermined location associated with a particular interrupt, and the subsystem 108 interrupts control processor 102 accordingly, upon setting up the data object 116, its descriptor 118, and placement of the starting location of the descriptor 118 in the predetermined location. As a further example, the starting location of the descriptor 108 may be included as part of the security service request, and the security service request may be communicated to control processor 102 via a communication packet.

Still referring to FIG. 2, in response to the request, control processor 102 instructs security subsystem 106 to perform the requested security operation for the data object 116, including with the instruction the starting location of the descriptor 118 of the data object 116, block 206. In one embodiment, the instruction is provided to security subsystem 106 in the form of a communication packet over bus 110.

In response, as will be described in more detail below, security subsystem 106 first loads the base part 118 a of the descriptor 118 of the data object 116, and thereafter successively updates the descriptor 118 with its continuation parts 118 n, and in parallel, based on the descriptive information provided therein over time, successively fetches the data bits of the data segment 116 a, organizes the data bits into the atomic data blocks of the requested security operation, provides the organized data blocks to the appropriate security engine for the requested security operation, causes the security engine to perform the security operation on the provided data blocks, and writes back the results of the security operation, block 208.

Data Descriptor

FIGS. 4 a-4 d illustrate descriptor 118 of a data object 116, in accordance with one embodiment. More specifically, FIG. 4 a illustrates the base part 118 a of a descriptor 118 for a DES operation for a data object 116, in accordance with one embodiment; FIG. 4 b illustrates a continuation part 118 b of a descriptor 118 for a DES operation for a data object 116, in accordance with one embodiment; FIG. 4 c illustrates the base part 118 a of a descriptor 118 for a hashing operation for a data object 116, in accordance with one embodiment; and FIG. 4 d illustrates a continuation part 118 b of a descriptor 118 for a hashing operation for a data object 116, in accordance with one embodiment.

As illustrated in FIG. 4 a, for the embodiment, the base part 118 a of a descriptor 118 for a DES operation includes a next descriptor/part address 402 identifying the starting word location in memory 104 where the next part 118 n of the descriptor 118 or the base part 118 a of a next descriptor 118 is stored. The residual unused least significant bits are employed to facilitate identification of the part as being a base part 118 a of a descriptor 118, and to indicate that the next descriptor/part address information is valid and may be acted on by the security subsystem 106.

Base part 118 a for a DES operation also includes a buffer size 404 and a starting address 406 (in memory 104) of the source buffer holding the base data segment 116 a being described. Base part 118 a also includes the starting address 408 (in memory 104) of the destination buffer for writing back the results of the security operation for the corresponding data bits of the base data segment 116 a.

Additionally, base part 118 a for a DES operation also includes mode 410 specifying the type of DES operation, i.e. ECB, CBC or CFB, to be performed, and descriptor identifier 412 of the descriptor. Further, base part 118 a of a DES operation also describes up to three keys 418-420, 422-424 and 426-428 for the DES operation, and for the CBC or CFB mode of operation, base part 118 a also describes the initial vector 414-416 of the DES operation.

As illustrated in FIG. 4 b, for the embodiment, the continuation part 118 n of a descriptor 118 for a DES operation also includes a next descriptor/part address 432 identifying the starting word location of memory 104 where the next part 118 n of the descriptor 118 or the base part 118 a of a next descriptor 118 is stored. Similarly, the residual least significant bits are employed to facilitate identification of the part as being a continuation of a descriptor 118, and to indicate that the next descriptor/part address information is valid and may be acted on by the security subsystem 106.

Similar to the base part 118 a of a descriptor 118 for a DES operation, a continuation part 118 n of a descriptor 118 of a DES operation also includes a buffer size 434 and a starting address 436 (in memory 104) of the source buffer holding the continuation data segment 116 n being described. Continuation part 118 n also includes the starting address 438 (in memory 104) of the destination buffer for writing back the results of the security operation for the corresponding data bits of the continuation data segment 116 n.

As illustrated in FIG. 4 c, for the embodiment, the base part 118 a of a descriptor 118 for a hashing operation includes a next descriptor/part address 442 identifying the starting word location in memory 104 where the next part 118 n of the descriptor 118 or the base part 118 a of a next descriptor 118 is stored. The residual unused least significant bits are employed to facilitate identification of the part as being a base part 118 a of a descriptor 118, and to indicate that the next descriptor/part address information is valid and may be acted on by the security subsystem 106.

Base part 118 a for a hashing operation also includes a buffer size 444 and a starting address 446 (in memory 104) of the source buffer holding the base data segment 116 a being described. Base part 118 a also includes the starting address 448 (in memory 104) of the destination buffer for writing back the results of the security operation for the corresponding data bits of the base data segment 116 a.

Additionally, base part 118 a for a hashing operation also includes mode 450 specifying the type of hashing operation, e.g. MD5 or SHA-1, to be performed, and descriptor identifier 452 of the descriptor. Further, base part 118 a of a hashing operation also describes at least four chaining variables 454-460 for the hashing operation, and for the SHA-1 mode of operation, a fifth chaining variable 462. For an MD5 hashing operation, base part 118 a also describes the “must write filler data” 462-464 of the hashing operation.

As illustrated in FIG. 4 d, for the embodiment, the constitution of a continuation part 118 n of a descriptor 118 for a hashing operation is the same as that of a continuation part 118 n of a descriptor 118 for a DES operation. Continuation part 118 n of a descriptor 118 for a hashing operation includes a next descriptor/part address 472 identifying the starting word location of memory 104 where the next part 118 n of the descriptor 118 or the base part 118 a of a next descriptor 118 is stored. The residual unused least significant bits are employed to facilitate identification of the part as being a continuation of a descriptor 118, and to indicate that the next descriptor/part address information is valid and may be acted on by the security subsystem 106.

Continuation part 118 n of a descriptor 118 of a hashing operation also includes a buffer size 474 and a starting address 476 (in memory 104) of the source buffer holding the continuation data segment 116 n being described. Continuation part 118 n also includes the starting address 478 (in memory 104) of the destination buffer for writing back the results of the security operation for the corresponding data bits of the continuation data segment 116 n.

Security Subsystem

FIG. 5 illustrates security subsystem 106 of the present invention in further detail, in accordance with one embodiment. As illustrated, for the embodiment, security subsystem 106 includes controller 502, registers 504, data transfer unit 506 and security engines 122, coupled to each other as shown.

Data transfer unit 506 is employed to facilitate receipt of instructions from control processor 102 to perform security operations for various data objects 116, access and receipt of the various parts of the descriptors 118 of the various data objects 116, access and receipt of the various data segments of the various data objects 116, and write back of the results of the various security operations. One embodiment of data transfer unit 506 is described in the aforementioned co-pending and incorporated-by-reference U.S. patent application Ser. No. 10/086,938. In alternate embodiments, other data interfaces may be employed instead.

Registers 504 include a number of collections, with each collection employed to store a fetched descriptor, e.g. one collection to store the descriptor of a DES operation to be or being performed, and another collection to store the descriptor of a hashing operation to be or being performed. In one embodiment, two collections of registers are provided, with one collection dedicated to supporting a DES operation, and another collection dedicated to supporting a hashing operation.

For the embodiment, registers 504 also include a number of collections of control registers, one collection for each security operation concurrently supported, to facilitate control processor 102 in specifying for security subsystem 106 a number of general operation parameters for performing the corresponding security operation. In one embodiment, two such collections, one for a DES operation and another for a hashing operation, are supported. The content and meaning of these control parameters for one embodiment are described in further detail below, referencing FIG. 6 a.

For the embodiment, registers 504 also include a number of collections of status registers, one collection for each security operation concurrently supported, to facilitate apprising control processor 102 of the current status of security subsystem 106 for the corresponding security operation. In one embodiment, two such collections, one for a DES operation and another for a hashing operation, are supported. The content and meaning of these status registers for one embodiment are described in further detail below, referencing FIG. 6 b.

Registers 504 may be implemented via any one of a number of techniques known in the art. In one embodiment, a multi-port addressable memory unit is employed to implement all registers 504 in a single storage unit.

Security engines 106 are employed to perform security operations of corresponding types. In one embodiment, one security engine coupled with a data traffic router for performing various types of DES operations, ECB, CBC and CFB (see FIG. 7, where the data traffic router is shown as element 702), one security engine for performing MD5 hashing operations, and one security engine for performing SHA-1 hashing operations are provided. Any one of a number of implementations known in the art may be employed to implement the various security engine cores, i.e. the security engine core for performing DES ECB, CBC and CFB operations, the security engine core for performing MD5 hashing operations, and the security engine core for performing SHA-1 hashing operations. Their exact implementations are not essential aspects of the present invention. One embodiment of the data traffic router enabling a single DES security engine core to be provided for multiple modes of DES security operations will be further described below, referencing FIG. 8.

Controller 502 controls the operation of data transfer unit 506, registers 504 and security engines 106. The relevant operational flow for one embodiment will be described in further detail below, referencing FIG. 9.

Control and Status Registers of the Security Subsystem

As alluded to earlier, FIGS. 6 a-6 b illustrate one each of a collection of control registers 600 and a collection of status registers 620 for a security operation concurrently supported, e.g. a DES operation, or a hashing operation.

Control registers 600 include register 602 for control processor 102 to globally disable or enable the interrupt mode of operation for the security operation. Control registers 600 also include registers 604-608 for control processor 102 to instruct security subsystem 106 to interrupt control processor 102 upon completion of a data segment, upon completion of a data object or upon encountering an operation error while performing the security operation. Further, control registers 600 include registers 610-616 for control processor 102 to instruct security subsystem 106 to stop the security operation on completion of a data segment (including completion of a data object), halt operation altogether, reset, or start/continue the security operation.

Status registers 620 include registers 622-623 for conveying to control processor 102 that a bad write address was encountered by security subsystem 106, and the remaining byte count of the results of the security operation. Status registers 620 also include registers 624-628 for conveying to control processor 102 that an interrupt is pending, where the interrupt is issued by security subsystem 106 upon completion of a data segment, completion of a data object or encountering an error, for the security operation. Status registers 620 also include registers 630-632 for conveying to control processor 102 that processing for a data segment or a data object has been completed for the security operation. Further, status registers 620 include registers 634-638 for conveying to control processor 102 that the subsystem is “on”, its outputs are valid, or it is busy.

Data Traffic Router

FIG. 8 illustrates data traffic router 702 of FIG. 7 in further detail, in accordance with one embodiment. As illustrated, data traffic router 702 includes a number of AND gates 802 a-802 c, a number of multiplexors 804 a-804 b, and a number of XOR gates 806 a-806 b, coupled to each other as shown. More specifically, AND gate 802 a receives the data block (data_in) of the security operation and control variable A as inputs, and performs a logical AND operation on the inputs. The result of the logical AND operation is provided to XOR gate 806 a, which also receives the output of AND gate 802 b as its other input. XOR gate 806 a performs the logical XOR operation on its inputs, and the output is provided as input to the DES security engine core.

The output of AND gate 802 b is generated based on the output of multiplexor 804 a and control variable B. The output of multiplexor 804 a is either the initial vector output from the earlier described initial vector registers, or the result of the DES operation on a prior data block, depending on the control variable C.

In like manner, XOR gate 806 b receives the output from the DES security engine core and the output of AND gate 802 c as inputs, and performs a logical XOR operation on the inputs to produce the current result of the DES security operation (data_out).

The output of AND gate 802 c is generated based on the output of multiplexor 804 c and control variable D. The output of multiplexor 804 c is either the initial vector output from the earlier described initial vector registers, or the current input data block of the DES operation, depending on the control variable E.

The settings of the control variables A through E for the various modes of DES operation are given in the following table:

Mode                  A     B     C     D     E
ECB Encrypt/Decrypt   1     0     X     0     X
CBC Encrypt           1     1     1/0   0     X
CBC Decrypt           1     0     X     1     1/0
CFB Encrypt           0     1     1/0   1     0
CFB Decrypt           0/1   1/0   1/X   1     0

where X stands for “don't care”.

Controller

FIG. 9 illustrates the relevant operational flow of controller 502 of FIG. 5 in further detail, in accordance with one embodiment. As shown, upon being instructed by control processor 102, controller 502 of security subsystem 106 causes the base portion 118 a of the addressed descriptor 118 to be loaded into the appropriate descriptor registers 504 for the specified security operation, e.g. the descriptor registers 504 for a DES operation or the descriptor registers 504 for a hashing operation, block 902. Next, in accordance with the starting address location of the base data segment (and its size), controller 502 causes the data bits of the base data segment to be fetched via one or more fetches (for the embodiment of FIG. 5, through data transfer unit 506), block 904. The number of fetches required depends on the size of the data bits of the data segment and the width of the data bus between memory 104 and security subsystem 106.

As the data bits successively arrive, controller 502 determines if a sufficient amount of data bits to form an atomic block of data bits for the security operation has been accumulated, block 906. For as long as an insufficient amount of data bits to form an atomic block of data bits for the security operation has been accumulated, and the end of the currently described data segment has not been reached, block 912, fetching, i.e. block 904, continues.

Once a sufficient amount of data bits to form an atomic block of data bits for the security operation has been accumulated, controller 502 causes the data bits to be organized into a data block, and forwarded to the appropriate security engine, block 908. In due course (typically after a predetermined number of clock cycles), the result of the security operation on the provided data block becomes available. At such time, controller 502 causes the result to be written back to the storage locations of memory 104 as specified by the corresponding part of the descriptor 118, block 910.

Concurrently, once an atomic data block is provided to the security engine for operation, controller 502 also continues operation back at block 912 to determine if the end of the currently described data segment has been reached. As described earlier, if the end of the currently described data segment has not been reached, controller 502 continues operation at block 904. If the end of the currently described data segment has been reached, controller 502 further determines if all data segments of the data object have been processed or, if all have been processed, whether a security operation for a next data object is to be started, block 914. For the embodiment, controller 502 makes the determination based on the earlier described next descriptor/part address and its associated valid bit denoting whether the next descriptor/part address is valid. If not all data segments of the data object have been processed, or processing for a new data object is to be started, controller 502 causes a continuation part of the current descriptor or the base part of the next descriptor to be loaded into descriptor registers 504, block 916. In the former case, the descriptor of the data object is updated with the data segment related information describing a new data segment. Upon updating or reloading descriptor registers 504, controller 502 continues operation at block 904.

Recall that the number of data bits of a data segment may be less than, equal to or greater than the size of the atomic block of the security operation; thus in the course of operation, at times, at block 912, after fetching all the data bits of a data segment in accordance with the starting address and the buffer size currently stored in descriptor registers 504, a quantity of data bits less than the size of the atomic data block of the security operation may remain. At such time, as described earlier, controller 502 determines if all data segments of the data object have been processed, block 914. If not, controller 504 causes a continuation part of the descriptor to be loaded, updating the descriptor. For the embodiment, controller 504 also saves the address and size information of the previous part of the descriptor, e.g. in corresponding shadow registers (not shown). In one embodiment, controller 504 is equipped with 8 sets of shadow registers, enabling it to fetch as many as 8 data segments to form one atomic data block of the security operation. In other embodiments, more or fewer sets of shadow registers may be employed instead.

Back at block 914, if indeed all data segments of the data object have been processed, the residual data bits are indicative of the fact that the data object has a size that is not a multiple of the size of the atomic data block of the security operation (64 bits in the case of a DES operation, and 512 bits in the case of a hashing operation). For the embodiment, an error is returned, block 918.
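The descriptor walk of FIG. 9 (blocks 902 through 918), as an added Python model that is not part of the patent: it gathers unaligned segments into atomic blocks, scatters each result back to the per-segment destination buffers, enforces the 8-segment shadow register limit, and reports the bad write address and size-not-a-multiple errors described above. The flag-bit layout of the next descriptor/part address word, the byte-inverting stand-in for the DES engine core, the source-bounds check and the memory image are assumptions.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

DES_BLOCK = 8        # 64-bit atomic block of the DES engine
HASH_BLOCK = 64      # 512-bit atomic block of the MD5/SHA-1 engines
MAX_SHADOW = 8       # shadow register sets: at most 8 segments may make up one block

# Assumed encoding of the next descriptor/part address word: the page says only that
# the unused low-order bits carry the "valid" and "base part" flags.
NEXT_VALID = 0x1     # the next descriptor/part address may be acted on
NEXT_IS_BASE = 0x2   # the addressed part is the base part of a new descriptor

@dataclass
class Part:
    """One base or continuation part (fields 404-408 / 434-438 of FIGS. 4a-4b)."""
    src: int            # starting address of the source buffer in memory 104
    size: int           # buffer size in bytes
    dst: int            # destination buffer for the results of these bytes
    next_word: int = 0  # next descriptor/part address plus flag bits (0 = not valid)

@dataclass
class Status:
    """The subset of the FIG. 6b status registers this model reports."""
    object_done: bool = False
    blocks: int = 0
    error: Optional[str] = None
    bad_write_address: Optional[int] = None

def run_descriptor(mem: bytearray, descriptors: Dict[int, Part], base_addr: int,
                   block_size: int, engine: Callable[[bytes], bytes]) -> Status:
    """Walk one descriptor chain the way controller 502 does in FIG. 9."""
    status = Status()
    part = descriptors[base_addr]          # block 902: load the base part
    cursor = 0                             # bytes of the current segment already fetched
    acc = bytearray()                      # bits accumulated toward the next atomic block
    shadow: List[Tuple[int, int]] = []     # (dst, nbytes) for each segment feeding acc
    while True:
        if part.src + part.size > len(mem):    # defensive check, not on the page
            status.error = "source buffer outside memory"
            return status
        # block 904: fetch from the current segment until a block fills or it ends
        take = min(block_size - len(acc), part.size - cursor)
        if take:
            if len(shadow) == MAX_SHADOW:  # no shadow register set left for this segment
                status.error = "too many segments for one block"
                return status
            acc += mem[part.src + cursor:part.src + cursor + take]
            shadow.append((part.dst + cursor, take))
            cursor += take
        if len(acc) == block_size:         # block 906: a full atomic block is ready
            out = engine(bytes(acc))       # block 908: hand it to the security engine
            off = 0
            for dst, n in shadow:          # block 910: scatter the result back
                if dst + n > len(mem):     # status register 622: bad write address
                    status.error = "bad write address"
                    status.bad_write_address = dst
                    return status
                mem[dst:dst + n] = out[off:off + n]
                off += n
            acc.clear()
            shadow.clear()
            status.blocks += 1
        if cursor < part.size:             # block 912: segment not finished yet
            continue
        # block 914: a continuation part belongs to this object; a base part or an
        # invalid address means the object is complete
        if not (part.next_word & NEXT_VALID) or (part.next_word & NEXT_IS_BASE):
            if acc:                        # block 918: size not a block multiple
                status.error = "object size not a multiple of the block size"
            else:
                status.object_done = True
            return status
        part = descriptors[part.next_word & ~0x3]   # block 916: load continuation part
        cursor = 0

def toy_block_op(block: bytes) -> bytes:
    """Stand-in for the DES engine core (NOT DES): inverts every byte of the block."""
    return bytes(b ^ 0xFF for b in block)

def demo():
    """Constructed memory image: one 16-byte object split over three unaligned segments."""
    mem = bytearray(256)
    payload = bytes(range(1, 17))
    mem[0x11:0x16] = payload[0:5]          # segment 116a: 5 bytes
    mem[0x23:0x2A] = payload[5:12]         # segment 116b: 7 bytes
    mem[0x31:0x35] = payload[12:16]        # segment 116c: 4 bytes
    descriptors = {
        0x80: Part(0x11, 5, 0x41, 0x84 | NEXT_VALID),
        0x84: Part(0x23, 7, 0x53, 0x88 | NEXT_VALID),
        0x88: Part(0x31, 4, 0x61, 0x90 | NEXT_VALID | NEXT_IS_BASE),
        0x90: Part(0x11, 9, 0x71, 0),                 # 9 bytes: not a DES block multiple
        0x94: Part(0x11, 8, len(mem) - 4, 0),         # destination runs off the end
    }
    ok = run_descriptor(mem, descriptors, 0x80, DES_BLOCK, toy_block_op)
    result = bytes(mem[0x41:0x46] + mem[0x53:0x5A] + mem[0x61:0x65])
    misaligned = run_descriptor(mem, descriptors, 0x90, DES_BLOCK, toy_block_op)
    bad = run_descriptor(mem, descriptors, 0x94, DES_BLOCK, toy_block_op)
    return ok, result, misaligned, bad
```

Because the second block of the 16-byte object is assembled from the tail of segment 116b and all of segment 116c, its result is split across two destination buffers, which is exactly the shadow-register case the text describes.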

CONCLUSION AND EPILOGUE

Thus, it can be seen from the above descriptions that an improved method and apparatus for performing security services/operations for subsystems of a SOC has been described. The novel scheme advantageously offloads the control processor of the SOC and enables the SOC to operate more efficiently. While the present invention has been described in terms of the foregoing embodiments, those skilled in the art will recognize that the invention is not limited to these embodiments. The present invention may be practiced with modification and alteration within the spirit and scope of the appended claims. Thus, the description is to be regarded as illustrative instead of restrictive on the present invention.

1. A security subsystem comprising: a first security engine to perform a first security operation on a block of data bits; a first plurality of registers to collectively store a first descriptor of a first data object having first one or more data segments, with each of said first one or more data segments having a plurality of data bits; and a control portion coupled to said first registers and the first security engine to cause (a) said first descriptor of said first data object to be loaded into said first registers, first describing a first data segment of said first data object, and said first descriptor to be successively updated to correspondingly describe first additional data segments of said first data object, if any, one data segment at a time, and (b) data bits of each currently described one of said first data segments to be successively fetched, organized into blocks of data bits, and provided to said first security engine to have said first security operation be successively performed on the provided blocks of data bits; a second security engine to perform a second security operation on a block of data bits; a second plurality of registers to collectively store a second descriptor of a second data object having second one or more data segments, with each of said second one or more data segments having a plurality of data bits; and said control portion is further coupled to said second registers and the second security engine to cause (a) said second descriptor of said second data object to be loaded into said second registers, first describing a second data segment of said second data object, and said second descriptor to be successively updated to correspondingly describe second additional data segments of said second data object, if any, one data segment at a time, and (b) data bits of each currently described one of said second data segments to be successively fetched, organized into blocks of data bits, and provided to said second security engine to have said second security operation be successively performed on the provided blocks of data bits.
2. The security subsystem of claim 1, where said first descriptor of said first data object includes, at a first instance in time, first storage location descriptions that describe first storage locations of data bits of a first of said first data segments of said first data object.
3. The security subsystem of claim 2, where said first storage location descriptions comprise a starting storage location address and a size of the data bits of said first data segments of said first data object.
4. The security subsystem of claim 2, where said first descriptor of said first data object includes, at a second instance in time, second storage location descriptions that describe second storage locations of data bits of a second of said first data segments of said first data object.
5. The security subsystem of claim 4, where said first storage locations and said second storage locations are contiguous storage locations.
6. The security subsystem of claim 4, where said first storage locations and said second storage locations are discontiguous storage locations.
7. The security subsystem of claim 1, where said control portion further causes the results of said first security operations performed for the provided blocks of data bits to be successively returned.
8. The security subsystem of claim 7, where said first descriptor of said first data object includes, at a first instance in time, first storage location descriptions that describe first storage locations for returning first results of said first security operations performed on the provided data bits of a first of said first data segments of said first data object.
9. The security subsystem of claim 8, where said first storage location descriptions comprise a starting storage location address.
10. The security subsystem of claim 8, where said first descriptor of said first data object includes, at a second instance in time, second storage location descriptions that describe second storage locations for returning second results of said second security operations performed on the provided data bits of a second of said first data segments of said first data object.
11. The security subsystem of claim 10, where said first storage locations and said second storage locations are contiguous storage locations.
12. The security subsystem of claim 10, where said first storage locations and said second storage locations are discontiguous storage locations.
13. The security subsystem of claim 1, where said first descriptor of said first data object also describes operating parameters to be employed to perform said first security operation on each of said provided blocks of data bits of said first data object, and said control portion further causes said described operating parameters to be provided to said first security engine.
14. The security subsystem of claim 1, wherein said first security operation is a DES operation.
15. The security subsystem of claim 14, wherein said DES operation is a selected one of a DES cipher operation and a DES decipher operation.
16. The security subsystem of claim 14, wherein said DES operation is a selected one of a DES ECB operation, a DES CBC operation and a DES CFB operation.
17. The security subsystem of claim 14, wherein said first descriptor of said first data object also describes operating parameters including a first and a second key to be employed to perform said DES operation on each of said provided blocks of data bits of said first data object, and said first control portion further causes said described operating parameters including said first and second keys of said DES operation to be provided to said first security engine.
18. The security subsystem of claim 17, wherein said operating parameters further include a third key of said DES operation.
19. The security subsystem of claim 14, wherein said DES operation is a selected one of a DES CBC operation and a DES CFB operation; said security subsystem further comprises a data router coupled to said security engine to selectively route a current block of data bits of said first data object and a result of the selected DES security operation for a prior block of data bits to said security engine; and said control portion is further coupled to said data router to control its operation.
20. The security subsystem of claim 1, wherein one of the first and second security operations is a hashing operation.
21. The security subsystem of claim 20, wherein said hashing operation is a selected one of a MD5 operation and a SHA-1 operation.
22. The security subsystem of claim 20, wherein said first descriptor of said first data object also describes operating parameters including a plurality of chaining variables to be employed to perform said hashing operation on each of said blocks of data bits of said first data object, and said first control portion further causes said described operating parameters including said chaining variables to be provided to said first security engine.
23. The security subsystem of claim 1, wherein said security subsystem further comprises a control register to facilitate a subsystem external to said security subsystem in providing one or more control instructions to said control portion of said security subsystem.
24. The security subsystem of claim 23, wherein at least one of said control instructions is a selected one of instructing said control portion to start said first security operation, to interrupt said external subsystem upon completing said first security operation for all blocks of data bits of said first data segments of said first data object, to interrupt said external subsystem upon completing said first security operation for all blocks of data bits of said first data object, and to stop said security subsystem upon completing said first security operation for all blocks of data bits of said first data segments of said first data object.
25. The security subsystem of claim 1, wherein said security subsystem further comprises a status register to facilitate said control portion of said security subsystem in providing one or more status to a subsystem external to said security subsystem.
26. The security subsystem of claim 25, wherein at least one of said status is a selected one of a pending interrupt issued on completion of said first security operation for all blocks of data bits of said first data segments of said first data object, a pending interrupt issued on completion of said first security operation for all blocks of data bits of said first data object, completion of said first security operation for all blocks of data bits of said first data segments of said first data object, completion of said first security operation for all blocks of data bits of said first data object and said security subsystem being in a busy state.
27. The security subsystem of claim 1, where said control portion further causes the results of said second security operations performed for the provided blocks of data bits to be successively returned.
28. The security subsystem of claim 1, where said second descriptor of said second data object also describes operating parameters to be employed to perform said second security operation for each of said blocks of data bits of said second data object, and said control portion further causes said described operating parameters to be provided to said second security engine.
29. The security subsystem of claim 1, wherein said first security operation is a DES operation and said second security operation is a hashing operation.
30. The security subsystem of claim 1, wherein said security subsystem further comprises a data transfer unit coupled to said first security engine and said control portion to retrieve and provide said data bits of said first data object for said first security engine, and return the results of said first security operations performed for said data bits of said first data object, under the control of said control portion.
31. An apparatus comprising: a memory to store data and descriptive information of said data; a processor coupled to said memory to set up in said memory a first descriptor having first one or more parts, describing a first data object having first one or more data segments, with each of said first one or more data segments having a plurality of data bits; and a security subsystem coupled to said memory and said processor to perform a first security operation on each of a plurality of blocks of data bits of said first one or more data segments of said first data object, responsive to a request of said processor, wherein the security subsystem is equipped to (a) first retrieve a first part of said first descriptor, and then successively update said first descriptor with its additional parts, if applicable, (b) successively fetch the data bits of said first one or more data segments of said first data object in accordance with the successive current descriptions of the first descriptor, (c) successively organize the fetched data bits into blocks of data bits, (d) successively perform said first security operation on said organized data blocks, and (e) successively return the results of said successive first security operations, wherein the security subsystem comprises a first security engine to perform said first security operation for a block of data bits; a first plurality of registers to collectively store the currently retrieved part of a data object descriptor; and a control portion coupled to said first registers and the first security engine to cause (a) said first part of said first descriptor of said first data object to be loaded into said first registers, and then successively updated to successively describe said first one or more data segments of said first data object, (b) data bits of each currently described one of said first data segments to be successively fetched, organized into blocks of data bits, and provided to said first security engine to have said first security operation be successively performed on the provided data blocks, and (c) the results of said successively performed first security operations to be returned.
32. The apparatus of claim 31, wherein each of said first one or more parts of said first descriptor describes storage locations of data bits of a corresponding one of said first one or more data segments of said first data object.
33. The apparatus of claim 32, wherein said first one or more data segments of said first data object comprise two or more data segments, and the storage locations of the data blocks of at least one of the data segments are discontiguous from the storage location of the data blocks of the other data segments of said first data object.
34. The apparatus of claim 31, wherein each of said first one or more parts of said first descriptor describes storage locations for returning the results of said first security operations for the data bits of a corresponding one of said first one or more data segments of said first data object.
35. The apparatus of claim 34, wherein said first one or more data segments of said first data object comprise two or more data segments, and the storage locations for returning the results of said first security operations performed for the data bits of at least one of the data segments are discontiguous from the storage location for returning the results of said first security operations performed for the data bits of the other data segments of said first data object.
36. The apparatus of claim 31, wherein at least a first part of said first descriptor of said first data object also describes operating parameters to be employed to perform said first security operation for each of said blocks of data bits of said first data object.
37. The apparatus of claim 31, wherein said first security operation is a DES operation.
38. The apparatus of claim 37, wherein said DES operation is a selected one of a DES cipher operation and a DES decipher operation.
39. The apparatus of claim 37, wherein said DES operation is a selected one of a DES ECB operation, a DES CBC operation and a DES CFB operation.
40. The apparatus of claim 37, wherein at least a first part of said first descriptor of said first data object also describes operating parameters including a first and a second key to be employed to perform said DES operation on each of said blocks of data bits of said first data object.
41. The apparatus of claim 40, wherein said operating parameters further include a third key of said DES operation.
42. The apparatus of claim 37, wherein said DES operation is a selected one of a DES CBC operation and a DES CFB operation; and said security subsystem is further equipped to selectively employ a current block of data bits of said first data object and a result of the selected DES security operation for a prior block of data bits to perform the selected DES operation.
43. The apparatus of claim 31, wherein said security operation is a hashing operation.
44. The apparatus of claim 43, wherein said hashing operation is a selected one of a MD5 operation and a SHA-1 operation.
45. The apparatus of claim 43, wherein at least a first part of said first descriptor of said first data object also describes operating parameters including a plurality of chaining variables to be employed to perform said hashing operation for each of said blocks of data bits of said first data object.
46. The apparatus of claim 31 wherein said security subsystem further comprises a control register to facilitate said processor in providing one or more control instructions to said security subsystem.
47. The apparatus of claim 46, wherein at least one of said control instructions is a selected one of instructing said security subsystem to start said first security operation, to interrupt said processor upon completing said first security operation for all blocks of data bits of said first data segments of said first data object, to interrupt said processor upon completing said first security operation for all blocks of data bits of said first data object, and to stop said security subsystem upon completing said first security operation for all blocks of data bits of said first data segments of said first data object.
48. The apparatus of claim 31, wherein said security subsystem further comprises a status register to facilitate said security subsystem in providing one or more status to said processor.
49. The apparatus of claim 48, wherein at least one of said status is a selected one of a pending interrupt issued on completion of said first security operation for all blocks of data bits of said first data segments of said first data object, a pending interrupt issued on completion of said first security operation for all blocks of data bits of said first data object, completion of said first security operation for all blocks of data bits of said first data segments of said first data object, completion of said first security operation for all blocks of data bits of said first data object and said security subsystem being in a busy state.
50. An apparatus comprising: a memory to store data and descriptive information of said data; a processor coupled to said memory to set up in said memory a first descriptor having first one or more parts, describing a first data object having first one or more data segments, with each of said first one or more data segments having a plurality of data bits; and a security subsystem coupled to said memory and said processor to perform a first security operation on each of a plurality of blocks of data bits of said first one or more data segments of said first data object, responsive to a request of said processor, wherein the security subsystem is equipped to (a) first retrieve a first part of said first descriptor, and then successively update said first descriptor with its additional parts, if applicable, (b) successively fetch the data bits of said first one or more data segments of said first data object in accordance with the successive current descriptions of the first descriptor, (c) successively organize the fetched data bits into blocks of data bits, (d) successively perform said first security operation on said organized data blocks, and (e) successively return the results of said successive first security operations, wherein said processor is also to set up in said memory a second descriptor having second one or more parts, describing a second data object having second one or more data segments, with each of said second one or more data segments having a plurality of data bits; and said security subsystem is also to perform a second security operation for data bits of said second one or more data segments of said second data object, responsive to a request of said processor, wherein the security subsystem is also equipped to (a) first retrieve a first part of said second descriptor, and then successively update said second descriptor with its additional parts, if applicable, (b) successively fetch the data bits of said second one or more data segments of said second data object in accordance with the successive current descriptions of the second descriptor, (c) successively organize the successively fetched data bits into blocks of data bits, (d) successively perform said second security operation on said successively organized blocks of data bits, and (e) successively return the results of said successive second security operations.
51. The apparatus of claim 50, wherein said first security operation is a DES operation and said second security operation is a hashing operation.
52. The apparatus of claim 31, wherein said apparatus is disposed on a single integrated circuit.
53. A method comprising: a processor setting up in a memory a first descriptor having first one or more parts, describing a first data object having first one or more data segments, with each of said first one or more data segments having a plurality of data bits; and a security subsystem performing a first security operation on the data bits of said first one or more data segments of said first data object, responsive to a request of said processor, by (a) first retrieving a first part of said first descriptor, and then successively updating said first descriptor with its additional parts, if applicable, (b) successively fetching the data bits of said first one or more data segments of said first data object in accordance with the successive current descriptions of the first descriptor, (c) successively organizing the fetched data bits into blocks of data bits, (d) successively performing said first security operation on said successively organized data blocks, and (e) successively returning the results of said successive first security operations, wherein the method further comprises said processor setting up in said memory a second descriptor having second one or more parts, describing a second data object having second one or more data segments, with each of said second one or more data segments having a plurality of data bits; and said security subsystem performing a second security operation on data bits of said second one or more data segments of said second data object, responsive to a request of said processor, by (a) first retrieving a first part of said second descriptor, and then successively updating said second descriptor with its additional parts, if applicable, (b) successively fetching the data blocks of said second one or more data segments of said second data object in accordance with the successive current descriptions of the second descriptor, (c) successively organizing the fetched data bits into blocks of data bits, (d) successively performing said second security operation for said successively organized blocks of data bits, and (e) successively returning the results of said successive second security operations.
54. The method of claim 53, wherein each of said first one or more parts of said first descriptor describes storage locations of data bits of a corresponding one of said first one or more data segments of said first data object.
55. The method of claim 54, wherein said first one or more data segments of said first data object comprise two or more data segments, and the storage locations of the data blocks of at least one of the data segments are discontiguous from the storage location of the data blocks of the other data segments of said first data object.
56. The method of claim 53, wherein each of said first one or more parts of said first descriptor describes storage locations for returning the results of said first security operations for data bits of a corresponding one of said first one or more data segments of said first data object.
57. The method of claim 56, wherein said first one or more data segments of said first data object comprise two or more data segments, and the storage locations for returning the results of said first security operations performed for the data bits of at least one of the data segments are discontiguous from the storage location for returning the results of said first security operations performed for the data bits of the other data segments of said first data object.
58. The method of claim 53, wherein at least a first part of said first descriptor of said first data object also describes operating parameters to be employed to perform said first security operation for data bits of said first data object.
59. The method of claim 53, wherein said first security operation is a DES operation.
60. The method of claim 59, wherein said DES operation is a selected one of a DES cipher operation and a DES decipher operation.
61. The method of claim 59, wherein said DES operation is a selected one of a DES ECB operation, a DES CBC operation and a DES CFB operation.
62. The method of claim 59, wherein at least a first part of said first descriptor of said first data object also describes operating parameters including a first and a second key to be employed to perform said DES operation on each of said data blocks of said first data object.
63. The method of claim 62, wherein said operating parameters further include a third key of said DES operation.
64. The method of claim 59, wherein said DES operation is a selected one of a DES CBC operation and a DES CFB operation; and said method further comprises said security subsystem selectively employing a current block of data bits of said first data object and a result of the selected DES security operation for a prior block of data bits to perform the selected DES operation.
65. The method of claim 53, wherein said security operation is a hashing operation.
66. The method of claim 65, wherein said hashing operation is a selected one of a MD5 operation and a SHA-1 operation.
67. The method of claim 65, wherein at least a first part of said first descriptor of said first data object also describes operating parameters including a plurality of chaining variables to be employed to perform said hashing operation for each of said blocks of data bits of said first data object.
68. The method of claim 53 wherein said method further comprises said processor providing one or more control instructions to said security subsystem.
69. The method of claim 68, wherein at least one of said control instructions is a selected one of instructing said security subsystem to start said first security operation, to interrupt said processor upon completing said first security operation for all data bits of one of said first data segments of said first data object, to interrupt said processor upon completing said first security operation for all data bits of said first data object, and to stop said security subsystem upon completing said first security operation for all data bits of one of said first data segments of said first data object.
70. The method of claim 53, wherein said method further comprises said security subsystem providing one or more status to said processor.
71. The method of claim 70, wherein at least one of said status is a selected one of a pending interrupt issued on completion of said first security operation for all data bits of one of said first data segments of said first data object, a pending interrupt issued on completion of said first security operation for all data bits of said first data object, completion of said first security operation for all data bits of one of said first data segments of said first data object, completion of said first security operation for all data bits of said first data object and said security subsystem being in a busy state.
72. The method of claim 53, wherein said first security operation is a DES operation and said second security operation is a hashing operation.